1271 matches found
CVE-2026-35583
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the configuration API endpoint /api/configuration/name validated configuration names using a blacklist approach that checked for , /, .., and trailing .. This could potentially be bypassed using URL-encoded variants,...
CVE-2026-35583 Emissary has a Path Traversal via Blacklist Bypass in Configuration API
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the configuration API endpoint /api/configuration/name validated configuration names using a blacklist approach that checked for , /, .., and trailing .. This could potentially be bypassed using URL-encoded variants,...
CVE-2026-35583
Emissary (configuration API) vulnerability: A path traversal could be achieved in /api/configuration/{name} due to a blacklist-based validation that blocked , /, .., and trailing ... The check can be bypassed via URL-encoded variants, double-encoding, or Unicode normalization, allowing access to ...
Emissary 路径遍历漏洞
Emissary is a distributed P2P data-driven workflow framework developed by the National Security Agency. Versions of Emissary prior to 8.39.0 contained a path traversal vulnerability. This vulnerability stemmed from the use of a blacklist method to validate configuration names in the configuration...
PraisonAI Has Path Traversal in FileTools
Executive Summary: The path validation has a critical logic bug: it checks for .. AFTER normpath has already collapsed all .. sequences. This makes the check completely useless and allows trivial path traversal to any file on the system. The path validation function also does not resolve the...
GHSA-693F-PF34-72C5 PraisonAI Has Path Traversal in FileTools
Executive Summary: The path validation has a critical logic bug: it checks for .. AFTER normpath has already collapsed all .. sequences. This makes the check completely useless and allows trivial path traversal to any file on the system. The path validation function also does not resolve the...
SmartContract-VulnHunter
🛡️ SmartContract VulnHunter The ultimate smart contract securi...
PT-2026-30763
Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.113 Description PraisonAI is susceptible to a path traversal issue due to a flaw in the validate path function. This function first calls os.path.normpath, which collapses '..' sequences, and then checks for the...
GHSA-WV3H-5FX7-966H Directus: SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in File Import
Summary A Server-Side Request Forgery SSRF protection bypass has been identified and fixed in Directus. The IP address validation mechanism used to block requests to local and private networks could be circumvented using IPv4-Mapped IPv6 address notation. Details Directus implements an IP deny-li...
PT-2026-30326
Name of the Vulnerable Software and Affected Versions Directus versions prior to 11.16.0 Description A Server-Side Request Forgery SSRF protection bypass exists in Directus. The IP address validation used to block requests to local and private networks could be circumvented using IPv4-Mapped IPv6...
CVE-2026-34124
A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent...
util-linux 安全漏洞
util-linux is an open-source software package developed by util-linux. There is a security vulnerability in util-linux, which stems from improper hostname normalization. This vulnerability could allow remote attackers to bypass host-based PAM access control rules and gain unauthorized access...
GHSA-8H8F-7CXM-M38J Duplicate Advisory: OpenClaw: Windows media loaders accepted remote-host file URLs before local path validation
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h3x4-hc5v-v2gm. This link is maintained to preserve external references. Original Description OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment...
EUVD-2026-18491
OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval system validation...
CVE-2026-34426
OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval system validation...
EUVD-2026-18436
A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent...
CVE-2026-34426
OpenClaw is affected in versions prior to commit b57b680, due to inconsistent environment variable normalization between approval and execution paths. This allows attackers to inject attacker-controlled environment variables into execution without proper approval validation, by exploiting differi...
CVE-2026-34426
OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval system validation...
CVE-2026-34426 OpenClaw - Approval Bypass via Environment Variable Normalization
OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval system validation...
CVE-2026-34426 OpenClaw - Approval Bypass via Environment Variable Normalization
OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval system validation...